Stealth File Share

The Stealth File Share module allows users to send and receive encrypted files through a fully decentralized and privacy-preserving system. Files are encrypted locally inside the browser using Lit Protocol before being uploaded to Lighthouse (IPFS-based decentralized storage). No central server, gateway, or API proxy ever sees the plaintext content or keys.

How It Works

  1. Client-Side Encryption (Lit Protocol)

    • When a user selects a file, Crosterix uses Lit Protocol’s encryptFile() method to symmetrically encrypt it.

    • The symmetric encryption key is then encrypted with the recipient’s wallet public key and stored on the Lit network.

    • Only the wallet that owns the corresponding private key can decrypt and retrieve the file.

    import * as Lit from "@lit-protocol/sdk-nodejs";

    // Encrypt the file locally; returns the ciphertext and the wrapped symmetric key.
    const { encryptedFile, encryptedSymmetricKey } =
      await Lit.encryptFile(file, recipientPubKey);

  2. Decentralized Storage (Lighthouse / IPFS)

    • The encrypted file (.lit) is uploaded to Lighthouse, an IPFS-based decentralized storage network with retrieval and gateway APIs.

    • Lighthouse provides a CID (Content Identifier) for the uploaded file.

    • Crosterix never stores this CID centrally; it’s only referenced locally and optionally recorded in Supabase for expiration tracking.

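    import lighthouse from "@lighthouse-web3/sdk";
    // Upload the ciphertext only; the returned Hash is the file's CID.
    const response = await lighthouse.upload(encryptedFile, userApiKey);
    const cid = response.data.Hash;

  3. Expiration & Metadata (Supabase)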

    • Crosterix uses Supabase as a lightweight metadata database to track:

      • File CID

      • Encryption key hash

      • Expiration time (e.g., 24 hours or 1 access)

      • Access count

    -- Register a link that expires after 24 hours or a single access.
    INSERT INTO file_links (cid, key_hash, expires_at, max_access)
    VALUES ('bafkre...', '0xabc...', NOW() + INTERVAL '24 hours', 1);

    • Once the expiration time or access count is reached, the link automatically becomes invalid.

  4. Access Control

    • When the recipient opens the link, the DApp verifies that their wallet can derive the decryption key from Lit Protocol.

    • If verified, Crosterix decrypts the file locally in the browser — no backend interaction occurs.

    • Unauthorized wallets cannot decrypt or access the data even if they possess the CID.

Security Properties

| Layer | Mechanism | Benefit |
|---|---|---|
| Encryption | AES-GCM + asymmetric key wrapping (Lit) | End-to-end confidentiality |
| Storage | IPFS via Lighthouse | Decentralized persistence |
| Access | Wallet-based key derivation | Only authorized wallets can open |
| Metadata | Supabase (TTL & counter) | Auto-expire links |
| Execution | 100% client-side | No data leakage to servers |

Developer Integration Example

import { uploadEncryptedFile } from "@crosterix/sdk";

const link = await uploadEncryptedFile({
  file,
  recipient: "0xRecipientAddress",
  expiresIn: 86400, // seconds
  maxAccess: 1,
});

console.log("Private link:", link);

This generates a stealth download link such as: https://app.crosterix.io/share/bafkre...#accessKey=0x...

Only the wallet with the correct decryption key can open the file.
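
The link format above puts the CID in the path and the access key in the URL fragment, which browsers do not include in HTTP requests. The following strict client-side parser for that format is an added example, not Crosterix SDK code; the function name, the CID shape check and the minimum key length are assumptions.

```javascript
// Added example: strict parser for the share-link format shown above.
// Assumptions (not from the Crosterix SDK): parseShareLink itself, the loose
// CID shape check, and the 16-byte minimum accessKey length.
const SHARE_ORIGIN = "https://app.crosterix.io";
const CID_SHAPE = /^b[a-z2-7]{20,}$/;            // loose CIDv1 base32 shape
const KEY_SHAPE = /^0x(?:[0-9a-fA-F]{2}){16,}$/; // even-length hex, >= 16 bytes

function parseShareLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a URL" };
  }
  // Exact origin match, so look-alike hosts and plain http are rejected.
  if (url.origin !== SHARE_ORIGIN) {
    return { ok: false, reason: "unexpected origin" };
  }
  // A key in the query string would be sent to the server and end up in logs.
  if (url.searchParams.has("accessKey")) {
    return { ok: false, reason: "accessKey in query string" };
  }
  const match = /^\/share\/([^/]+)$/.exec(url.pathname);
  if (!match || !CID_SHAPE.test(match[1])) {
    return { ok: false, reason: "bad CID" };
  }
  // The fragment is parsed locally and never leaves the browser.
  const accessKey = new URLSearchParams(url.hash.slice(1)).get("accessKey");
  if (!accessKey || !KEY_SHAPE.test(accessKey)) {
    return { ok: false, reason: "bad accessKey" };
  }
  // What the HTTP request actually carries: origin, path and query only.
  const sentToServer = url.origin + url.pathname + url.search;
  return { ok: true, cid: match[1], accessKey, sentToServer };
}

// Constructed sample link: the CID and the key are made-up values.
const SAMPLE_LINK =
  `${SHARE_ORIGIN}/share/bafkrei${"a".repeat(52)}#accessKey=0x${"ab".repeat(32)}`;
console.log(parseShareLink(SAMPLE_LINK));
```
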
